Safety – Checks Dependencies for Security Vulnerabilities

Safety is a command-line tool that checks the dependencies in your local virtual environment, in your requirements files, or in data piped in on stdin for known security vulnerabilities and issues. By default it uses the open-source Python vulnerability database, but it can be switched to the pyup.io security API with the --key option.


The tool is free and open source (MIT Licensed). The underlying open vulnerability database is updated once per month.

To get access to all vulnerabilities as soon as they are added, you need an API key that comes with a pyup.io account, starting at $99 for organizations.

If you are looking for deeper integration with your GitHub repositories, Safety is also available as part of pyup.io under the name Safety CI. The CI version checks your commits and pull requests for dependencies with known security vulnerabilities and displays a status on GitHub.

You can also run the command-line version regularly to check for any known vulnerabilities that should be fixed in your environment, then update the affected packages using the report it produces.
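To illustrate the kind of check such a tool performs, the following added example (not Safety's own code and not from the original article) matches exactly pinned requirements against a small constructed advisory list. The data layout, package names and advisory ids are assumptions made up for the illustration, and only plain dotted-integer versions are handled.

```python
import re

# Constructed sample data (not real advisories): package -> [(id, specifiers)].
ADVISORIES = {
    "examplepkg": [("EXAMPLE-0001", ["<1.4.2"]),
                   ("EXAMPLE-0002", [">=2.0", "<2.1.1"])],  # all specs must match
    "otherlib": [("EXAMPLE-0003", ["<=0.9"])],
}
REQUIREMENTS = """\
examplepkg==1.3.0
OtherLib==1.0     # name is normalised before lookup
unpinned-tool>=3
notlisted==0.1
"""

OPS = {"<": lambda c: c < 0, "<=": lambda c: c <= 0, "==": lambda c: c == 0,
       ">=": lambda c: c >= 0, ">": lambda c: c > 0}

def compare(a, b):
    """Return -1, 0 or 1 for dotted integer versions, so that 2.0 == 2.0.0."""
    va, vb = ([int(p) for p in v.split(".")] for v in (a, b))
    width = max(len(va), len(vb))
    va, vb = va + [0] * (width - len(va)), vb + [0] * (width - len(vb))
    return (va > vb) - (va < vb)

def matches(version, spec):
    op, bound = re.fullmatch(r"(<=|>=|==|<|>)\s*([0-9.]+)", spec).groups()
    return OPS[op](compare(version, bound))

def parse_pins(text):
    """Split requirement lines into exact pins and lines that cannot be checked."""
    pins, unpinned = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        m = re.fullmatch(r"([A-Za-z0-9._-]+)==([0-9]+(?:\.[0-9]+)*)", line)
        if m:
            pins.append((re.sub(r"[-_.]+", "-", m.group(1)).lower(), m.group(2)))
        elif line:
            unpinned.append(line)  # a range has no single version to test
    return pins, unpinned

def check(text, advisories=ADVISORIES):
    """Return (findings, unpinned); findings are (package, version, advisory id)."""
    pins, unpinned = parse_pins(text)
    findings = [(name, version, adv_id)
                for name, version in pins
                for adv_id, specs in advisories.get(name, [])
                if all(matches(version, s) for s in specs)]
    return findings, unpinned
```

Calling `check(REQUIREMENTS)` returns one finding for `examplepkg` and lists `unpinned-tool>=3` separately, since a requirement without an exact version cannot be matched against a vulnerable range.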

You can install the tool with pip. To read more about the configuration and settings, along with some examples, see the project page: https://github.com/pyupio/safety
